
Peer certificate rejected by ChainVerifier

wu_feng2
Explorer
0 Likes
1,702

Hello Expert,

When our PO accessed an HTTPS REST service, we got this exception:

MP:exception caught with cause java.io.IOException:iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier.

I searched several answers and blogs in SCN and did the following actions, and it still does not work:

1. I have imported the server's certificate, the root CA certificate, and the intermediate CA certificate (three files) into the TrustedCA keyview, and imported the server's certificate into the ICM_SSL_<node> keyview (this action has been done several times).

2. Restarted the service "SSL provider" and restarted the communication channel.

3. Resent a new message.

I tried "Ping Channel" and could see that the URL is reachable, and nothing is blocked by a firewall or the network. (See the screenshot below.)

Then I tried it with SOAPUI and a browser; the service URL is OK, and the certificate is valid.

The service does not need basic authentication of client certificate authentication.

Tips: The service does not need basic authentication of client certificate authentication.

Could you give me some advice?

Thanks.

Accepted Solutions (1)


marksmyth
Product and Topic Expert
0 Likes

Hello Wu Feng,

See the blogs below for more details on using the XPI Inspector tool:

1) Using XPI Inspector to troubleshoot HTTP SSL connections (Part 1 – Server Authentication)

2) Using XPI Inspector to troubleshoot HTTP SSL connections (Part 2 – Client Authentication)

If you need to download/deploy the XPI tool, see note 1514898 XPI Inspector for troubleshooting XI, for details on using the XPI tool (user guide is attached to the note).

Also the notes below document some known issues with this functionality:

2663563 PI REST receiver channel ping fails
2751626 Ping on REST receiver/poller channel is not working properly
2295804 REST Receiver channel ping is failing when HTTPS protocol is configured

Regards
Mark

Answers (2)


ravicarpenter
Active Participant

Use xpi_inspector. In its log, you'll be able to see the url of the certificates used. Download them and upload to PI. Stop and Start channels.

wu_feng2
Explorer
0 Likes

Thank you.

It is useful.
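
Added example (not from the thread or from SAP): the answer above says to look at which certificates the server actually uses and upload those. This sketch assumes the chain was captured with `openssl s_client -showcerts` instead of XPI Inspector and names the issuer that is neither sent by the server nor present in the trust store; the sample output, host, CA names and the helpers `parse_chain` and `find_anchor` are all constructed for illustration.

```python
import re

# Constructed `openssl s_client -showcerts` excerpt (OpenSSL 1.1.1+ DN style);
# host and CA names are made up. This server sends only its leaf certificate.
S_CLIENT_OUTPUT = """\
Certificate chain
 0 s:C = DE, O = Example Service GmbH, CN = api.example.test
   i:C = US, O = Example Trust Inc, CN = Example Issuing CA G2
---
"""

# Constructed subject DNs, as read off the trust store view by hand.
TRUSTED_SUBJECTS = [
    "C=US, O=Example Trust Inc, CN=Example Root CA",
    "C=US, O=Example Trust Inc, CN=Example Issuing CA G1",
]

def norm(dn):
    """Compare DNs ignoring case and spacing around '=' and ','."""
    return ",".join(re.sub(r"\s*=\s*", "=", p.strip().lower()) for p in dn.split(","))

def parse_chain(text):
    """Return [(subject, issuer)] in the order the server presented them."""
    chain, subject = [], None
    for line in text.splitlines():
        if m := re.match(r"\s*\d+ s:(.+)", line):
            subject = m.group(1).strip()
        elif (m := re.match(r"\s+i:(.+)", line)) and subject:
            chain.append((subject, m.group(1).strip()))
            subject = None
    return chain

def find_anchor(chain, trusted_subjects):
    """Walk leaf -> issuer by name: ("anchored", dn) or ("missing", dn).
    Name matching only; signatures and validity dates are not checked."""
    if not chain:
        return ("missing", None)
    trusted = {norm(s) for s in trusted_subjects}
    presented = {norm(s): i for s, i in chain}
    (subject, issuer), seen = chain[0], set()
    while True:
        if norm(subject) in trusted:
            return ("anchored", subject)
        if norm(issuer) in trusted:
            return ("anchored", issuer)
        if norm(issuer) not in presented or norm(issuer) in seen:
            return ("missing", issuer)
        seen.add(norm(issuer))
        subject, issuer = issuer, presented[norm(issuer)]
```

With the constructed data, `find_anchor(parse_chain(S_CLIENT_OUTPUT), TRUSTED_SUBJECTS)` reports the "G2" issuing CA as missing even though a root and a "G1" intermediate from the same CA are in the store. A name match is only a first check, so compare certificate fingerprints before concluding the uploaded file is the right one.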

former_member607859
Participant
0 Likes

If you think you got all the certs and are still getting the error, then the issue is to stop and start the channel. It is a mandatory step after you upload the certs.

Regards,

—-Satish

wu_feng2
Explorer
0 Likes

Hello Satish,

I had restarted the channel after uploading all the certificates; it didn't work.

And I also confirmed from the service provider that their certificate was issued by a commercial Org.